Port monitoring system
A port monitoring system includes a first extending device. The first extending device includes a monitored port and a networking port. The first extending device is configured to detect a first packet at the monitored port and, in response, generate a mirrored packet. Then the first extending device adds a monitoring identifier to the mirrored packet and forwards the mirrored packet through the networking port. The port monitoring system also includes a networking device that is coupled to the first extending device. The networking device is configured to receive the mirrored packet from the first extending device and determine that the mirrored packet is associated with a monitoring port using the monitoring identifier provided by the mirrored packet. The networking device then forwards the mirrored packet to the monitoring port.
The present disclosure relates generally to information handling systems, and more particularly to a port monitoring system for information handling systems.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is an information handling system (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
IHSs such as, for example, switches, are utilized in a network to route traffic through the network. In a variety of different situations, it may be desirable to analyze traffic transmitted by a switch to, for example, track patterns of network traffic, detect and/or determine the cause of network failures, network congestion, network bottlenecks, and/or other network problems, perform debugging, and/or for a variety of other network analysis factors known in the art. Conventionally, such analysis may be performed using a port monitoring system. For example, traffic transmitted through a switch may be monitored by mirroring packets entering or exiting a monitored port on the switch, and forwarding the mirrored packets to a monitoring port. The mirrored packets forwarded to the monitoring port may then be examined by a management system with no disruption to the flow of packets at the actual destination port.
In some situations, switches may be provided as logical switches by a plurality of physical devices that operate to provide the logical switch. For example, a logical switch may be provided by one or more controlling bridges connected to one or more port extenders, with the controlling bridge(s) controlling the logical switch and viewing each of the ports on the port extender(s) as one of a plurality of virtual ports. In such situations, conventional port monitoring may raise some issues. For example, when monitoring a physical port (i.e., the “monitored port”) on a port extender, the control bridge will mirror packets received at the virtual port associated with that monitored port. However, there is no guarantee that packets received at a virtual port are actually received at the monitored port, as those packets may be dropped at the intermediate switches, devices, or other subsystems that transmit the packet between the control bridge and the port extender. As such, conventional port monitoring in a logical switch may result in packets being mirrored to a management system when they are not actually received at the monitored port.
Accordingly, it would be desirable to provide an improved port monitoring system.
SUMMARY
According to one embodiment, an IHS includes a first extending device port that is configured to couple to a first extending device that includes a monitored port, a processing system coupled to the first extending device port, and a memory system coupled to the processing system and including instructions that, when executed by the processing system, cause the processing system to provide a controlling engine that is configured to: receive, from a first extending device through the first extending device port, a mirrored packet that was sent in response to a packet detected at the monitored port and that includes a monitoring identifier; determine that the mirrored packet is associated with a monitoring port using the monitoring identifier; and forward the mirrored packet to the monitoring port.
For purposes of this disclosure, an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, calculate, determine, classify, process, transmit, receive, retrieve, originate, switch, store, display, communicate, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes. For example, an information handling system may be a personal computer (e.g., desktop or laptop), tablet computer, mobile device (e.g., personal digital assistant (PDA) or smart phone), server (e.g., blade server or rack server), a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price. The information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory. Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, touchscreen and/or a video display. The information handling system may also include one or more buses operable to transmit communications between the various hardware components.
In one embodiment, IHS 100,
Referring now to
Referring now to
The chassis 302 of the networking device 300 may house a processing system (not illustrated, but which may be substantially similar to the processor 102 discussed above with reference to
The networking device 300 also includes an extending device port 310, an extending device port 312, and up to an extending device port 314. The extending device ports 310, 312, and 314 may be networking ports (e.g., Ethernet ports) that are configured to couple to extending devices such as, for example, the extending devices 204 and 206 illustrated in
Referring now to
For example, using the port monitoring system 200 discussed above with reference to
One of skill in the art in possession of the present disclosure will recognize that the controlling table may be modified depending on the characteristics of the port monitoring system in which it is implemented. For example, in some embodiments, fields may be added that identify, for example, a monitored traffic direction that indicates a direction of traffic that should be monitored at the port (e.g., ingress, egress, or both), and/or a variety of other monitoring information known in the art. In another example, fields may be added to identify that multiple monitored ports are associated with one monitoring port, or that one monitored port is associated with multiple monitoring ports. As such, a wide variety of information other than that which is illustrated may be provided as a monitoring association and included in a row of the controlling table 350 while remaining within the scope of the present disclosure.
Referring now to
The chassis 402 of the extending device 400 may house a processing system (not illustrated, but which may be substantially similar to the processor 102 discussed above with reference to
The extending device 400 may include a computing device port 410, a computing device port 412, and up to a computing device port 414. The computing device ports 410, 412, and 414 may be networking ports (e.g., Ethernet ports) that are configured to couple to computing devices such as, for example, the computing devices 208, 210, and 212 illustrated in
Referring now to
For example, using the port monitoring system 200 discussed above with reference to
One of skill in the art in possession of the present disclosure will recognize that the mirroring table 450 may be modified depending on the characteristics of the port monitoring system in which it is implemented. For example, in some embodiments, fields may be added that identify, for example, a monitored traffic direction that indicates a direction of traffic that should be monitored at the port (e.g., ingress, egress, or both), a status of the monitoring association (e.g., enabled or disabled), and/or a variety of other monitoring information known in the art. In another example, fields may be added to identify that multiple monitored ports are associated with one monitoring port, or that one monitored port is associated with multiple monitoring ports. As such, a wide variety of information other than that which is illustrated may be provided as a monitoring association and included in a row of the mirroring table 450 while remaining within the scope of the present disclosure.
Referring now to
The method 500 begins at block 502, where a networking device receives a monitoring association. Referring to
In some embodiments, the monitoring association configured/provided by the user or network manager may include additional criteria for the monitoring of flow-based data transfer. For example, when it is desirable to mirror flow-based data transfers, the monitoring association may include source(s) of data to be monitored, source(s) of data that need not be monitored, and/or a variety of other flow-based criteria known in the art. Such sources of data may be identified by specific addresses such as MAC addresses, IP addresses, VLANs, and/or other identifiers known in the art.
With reference to
In the embodiment illustrated in
The method 500 then proceeds to block 504, where a monitoring identifier for the monitoring association is provided to an extending device. In an embodiment, if a monitoring association includes a monitored port that is on an extending device and a monitoring port that is not on that extending device, a monitoring identifier is allocated for that monitoring association and that monitoring association is provided to the extending device. Referring to
The controlling engine 306 may then provide the monitoring association to the extending device 204 through the extending device port 310 on the networking device 202. Referring to
The mirroring engine 406 in the extending device 204 receives the monitoring association including the monitoring identifier through the networking device port 416, and stores the monitoring association in the mirroring table 450 in the mirroring database 408 as discussed above. In one embodiment, the controlling engine 306 in the networking device 202 stores the monitoring association in the mirroring database 408 in the extending device 204 through a control protocol. In another embodiment, the mirroring engine 406 in the extending device 204 stores the monitoring association received from the networking device 202 in the mirroring database 408 in the extending device 204. As such, monitoring associations between a monitored port on a first device and a monitoring port on the second device may be created and provided to the device that includes the monitored port.
The method 500 then proceeds to block 506, where a mirrored packet is generated at the extending device, a monitoring identifier is added to the mirrored packet, and the mirrored packet is sent to the networking device. In one embodiment, the mirroring engine 406 in the extending device 204 may detect (e.g. through the communication system 404) that a packet has been received (e.g., ingress or egress) at a port on the extending device 204. For example, the computing device 208 may send a packet that is received at a port on the extending device 204, or the networking device 202 may forward a packet to the extending device 204 that is directed to that computing device 208 connected to the extending device 204 such that it is forwarded by the extending device 204 through a port connected to that computing device 208. In response to detecting that a packet has been received at a port on the extending device 204, the mirroring engine 406 may reference the mirroring table 450 in the mirroring database 408 to determine whether that port is part of a monitoring association in the mirroring table 450. As such, a packet may be received at one of the computing device ports 410-414 that is not part of a monitoring association, and the mirroring engine 406 will determine that no mirroring is required. However, a packet may be received at the monitored port 602 that is part of a monitoring association, and the mirroring engine may determine that mirroring is required.
In some embodiments of block 506, the mirroring engine 406 may determine whether a packet received at a port that is included in a monitoring association needs to be mirrored for that particular monitoring association using information in the mirroring table 450. For example, the mirroring engine 406 may examine whether the traffic direction of the received packet matches the traffic direction identified by the particular monitoring association (e.g., for ingress-only or egress-only mirroring), whether the particular monitoring association is disabled, whether the source of the received packet satisfies a source requirement (e.g., for flow-based mirroring), etc. Following the determination that the received packet at the monitored port 602 requires mirroring based on that packet being received at a monitored port for which a monitoring association exists (and satisfying any other requirements for that monitoring association), the mirroring engine 406 generates a mirrored packet of the received packet. In one embodiment, the mirrored packet may be a copy of the received packet. In some embodiments, the mirrored packet may include a copy of some, but not all, of the information included in the received packet. For example, portions of the received packet that are not needed in the monitoring of the port may be truncated or otherwise removed from the mirrored packet. In yet another embodiment, the mirrored packet may include information about the received packet without actually copying any portion of the received packet. In yet another embodiment, information may be added to the mirrored packet that was not present in the received packet. For example, additional encapsulations and/or headers may be added to the mirrored packet (relative to the received packet) so as to allow the forwarding, tunneling, or otherwise sending of the mirrored packet to the monitoring device (which may be located, for example, on a different network).
After the mirrored packet is generated, the mirroring engine 406 provides the monitoring identifier of the monitoring association for the monitored port 602 in the mirrored packet, and inserts the monitoring identifier in the mirrored packet. In one embodiment, the monitoring identifier may be inserted in a field of an ETag as defined by the IEEE 802.1BR standard, as described in detail below. In a specific embodiment, the networking device 202 is a controlling bridge and the extending devices 204 and 206 are port extenders, and the controlling bridge and the port extender(s) may operate as a single logical switch under the Institute of Electrical and Electronics Engineers (IEEE) 802.1Q standard, 802.1BR standard, and/or other standards known in the art. In some embodiments, the control bridge and port extenders may also operate under the VNTAG approach and/or other port extender standards or approaches known in the art. The IEEE 802.1BR standard provides for the attachment of tags to packets that are processed through the controlling bridge and the port extender, and those tags may be an ETag of a form illustrated in
Referring to
The method 500 then proceeds to block 508, where the networking device receives the mirrored packet. Referring to
The method 500 then proceeds to block 510, where the networking device determines the monitoring port using the monitoring identifier in the mirrored packet. In one embodiment, the controlling engine 306 in the networking device 202 may retrieve the monitoring identifier from the mirrored packet. For example, the controlling engine 306 may identify the monitoring identifier in the SRC ECID entry or DEST ECID entry in the ETag in the mirrored packet. Using the monitoring identifier, the controlling engine 306 may reference the controlling table 350 to identify the monitoring port for the mirrored packet. Referring to
In one embodiment, subsequent to determining the monitoring port at block 510, the controlling engine 306 may remove the monitoring identifier from the mirrored packet. For example, the controlling engine 306 may remove the monitoring identifier from the SRC ECID entry or DEST ECID entry in the ETag in the mirrored packet.
The method 500 then proceeds to decision block 512, where it is determined whether the monitoring port is on a device that is external to the networking device. In an embodiment, the controlling engine 306 determines whether the monitoring port determined at block 510 is included on its associated networking device, or if that monitoring port is included on a device that is external to and connected or coupled to its associated networking device. If it is determined that the monitoring port is included on the networking device 202, the method 500 proceeds to block 514 where the mirrored packet is sent to the monitoring port on the networking device.
If it is determined at decision block 512 that the monitoring port is on an external device, the method 500 proceeds to block 516, where a destination identifier is added to the mirrored packet.
The method 500 then proceeds to block 518, where the networking device forwards the mirrored packet to the monitoring port on the external device. Referring to
At block 518, the extending device 206 receives the mirrored packet through the networking device port 416 and the extending device 206 performs a lookup using the destination identifier in the mirrored packet and a forwarding table to identify the monitoring port 608. The extending device 206 then forwards the mirrored packet through the monitoring port 608 to a management system 216. The management system 216 may then utilize the mirrored packet for performing port analytics, troubleshooting, debugging, and/or a variety of other monitoring functions known in the art.
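The following sketch is an added example, not code from the patent or from Dell; it walks blocks 502 through 518 of method 500 with an extending device that mirrors at the physical monitored port and a networking device that resolves the monitoring port from the monitoring identifier. The device and port names, the starting identifier 3000, the destination identifier 42, the EtherType value and the simplified 8-byte tag layout (monitoring identifier in the SRC ECID field, destination identifier in the DEST ECID field, all other tag bits zero) are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass, field

ETAG_TPID = 0x893F  # EtherType assumed for the tag in this example


def push_etag(frame: bytes, src_ecid: int, dest_ecid: int) -> bytes:
    """Insert the simplified tag after the two MAC addresses (assumed layout)."""
    if not (0 <= src_ecid < 4096 and 0 <= dest_ecid < 4096):
        raise ValueError("ECID must fit in 12 bits")
    tag = struct.pack("!HHHH", ETAG_TPID, src_ecid, dest_ecid, 0)
    return frame[:12] + tag + frame[12:]


def pop_etag(frame: bytes):
    """Return (src_ecid, dest_ecid, untagged_frame); raise if the tag is absent."""
    if len(frame) < 20:
        raise ValueError("frame too short to carry a tag")
    tpid, src, dest, _ = struct.unpack("!HHHH", frame[12:20])
    if tpid != ETAG_TPID:
        raise ValueError("frame is not tagged")
    return src & 0x0FFF, dest & 0x0FFF, frame[:12] + frame[20:]


@dataclass
class Extender:
    """Extending device holding the mirroring table (hypothetical class)."""
    name: str
    # monitored port -> (monitoring identifier, direction, enabled)
    mirroring_table: dict = field(default_factory=dict)

    def install(self, port, monitoring_id, direction="both", enabled=True):
        self.mirroring_table[port] = (monitoring_id, direction, enabled)

    def on_packet(self, port, direction, frame):
        """Block 506: return the tagged mirrored packet, or None if no mirroring."""
        entry = self.mirroring_table.get(port)
        if entry is None:
            return None                       # port has no monitoring association
        monitoring_id, wanted, enabled = entry
        if not enabled or wanted not in ("both", direction):
            return None                       # association disabled or wrong direction
        return push_etag(frame, src_ecid=monitoring_id, dest_ecid=0)


class Controller:
    """Networking device holding the controlling table (hypothetical class)."""

    def __init__(self, first_id=3000):
        self.controlling_table = {}  # monitoring identifier -> (device, port)
        self.dest_ids = {}           # (device, port) -> destination identifier
        self._next_id = first_id

    def add_association(self, extender, monitored_port, device, port, **criteria):
        """Blocks 502-504: allocate an identifier and push it to the extender."""
        monitoring_id = self._next_id
        self._next_id += 1
        self.controlling_table[monitoring_id] = (device, port)
        extender.install(monitored_port, monitoring_id, **criteria)
        return monitoring_id

    def on_mirrored(self, tagged):
        """Blocks 508-518: resolve the monitoring port and prepare the frame."""
        monitoring_id, _, frame = pop_etag(tagged)   # read, then strip identifier
        target = self.controlling_table.get(monitoring_id)
        if target is None:
            return None              # unknown identifier: drop, never forward
        device, port = target
        if device == "networking-device-202":        # block 514: local port
            return device, port, frame
        dest_id = self.dest_ids[(device, port)]      # block 516: external port
        return device, port, push_etag(frame, 0, dest_id)


def demo():
    cb = Controller()
    pe204 = Extender("extending-device-204")
    cb.dest_ids[("extending-device-206", "port-608")] = 42  # constructed value
    monitoring_id = cb.add_association(
        pe204, "port-602", "extending-device-206", "port-608", direction="ingress")
    # Constructed Ethernet frame: dst MAC, src MAC, EtherType, payload.
    frame = bytes(6) + bytes.fromhex("020000000001") + b"\x08\x00" + b"payload"
    mirrored = pe204.on_packet("port-602", "ingress", frame)
    results = {
        "unmonitored": pe204.on_packet("port-410", "ingress", frame),
        "wrong_direction": pe204.on_packet("port-602", "egress", frame),
        "mirrored_id": pop_etag(mirrored)[0],
        "forward": cb.on_mirrored(mirrored),
        "unknown": cb.on_mirrored(push_etag(frame, 999, 0)),
    }
    return monitoring_id, frame, results


if __name__ == "__main__":
    print(demo())
```

Because the mirrored copy is produced only when the extending device itself sees the packet on the monitored port, a packet dropped between the two devices never reaches the monitoring port, which is the accuracy gap the disclosure targets.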
In some embodiments, the systems and methods described herein may not utilize the monitoring identifiers discussed above. In one specific embodiment, the monitoring association configured/provided by the user or network administrator may define a monitored port and a monitoring port that are included on the same extending device. For example, referring to
Thus, systems and methods have been described that provide for monitoring ports. Some embodiments of the systems and methods include a plurality of devices that provide a logical switch. As discussed above, conventional port monitoring in such a system may result in packets being mirrored to a management system when they are not actually received at the physical port that is intended to be monitored. The systems and methods of the present disclosure address such issues and provide more accurate port monitoring by generating mirrored packets at the device that includes the physical port that is being monitored, and utilizing monitoring associations and monitoring identifiers to ensure that the mirrored packet is forwarded to the monitoring port that is connected to the management system performing the monitoring.
Although illustrative embodiments have been shown and described, a wide range of modification, change and substitution is contemplated in the foregoing disclosure and in some instances, some features of the embodiments may be employed without a corresponding use of other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the embodiments disclosed herein.
Claims
1. A port monitoring system, comprising:
- a logical networking device that includes a virtual port and that is provided by: a first physical extending device that includes a physical networking port and a physical monitored port that is associated with the virtual port, wherein the first extending device is configured to: detect, at the physical monitored port, a first packet that is received from the virtual port; generate, in response to detecting the first packet, a mirrored packet; add a monitoring identifier that is associated with a first physical monitoring port to the mirrored packet; and forward the mirrored packet through the physical networking port; and a physical networking device that is coupled to the first physical extending device and that controls the logical networking device and views the physical monitored port on the first physical extending device as the virtual port included on the logical networking device, and wherein the physical networking device is configured to: receive the mirrored packet from the first physical extending device; determine the first physical monitoring port for the mirrored packet using the monitoring identifier; and forward the mirrored packet to the first physical monitoring port.
2. The port monitoring system of claim 1, wherein the physical networking device is configured to:
- remove the monitoring identifier from the mirrored packet before forwarding the mirrored packet to the first physical monitoring port.
3. The port monitoring system of claim 1, wherein the physical networking device is configured to:
- receive the monitoring association that defines the physical monitored port and the first physical monitoring port and, in response, allocate the monitoring identifier to the monitoring association, wherein the first physical extending device is configured to receive the monitoring identifier from the physical networking device.
4. The port monitoring system of claim 1, wherein the first extending device is configured to:
- detect, at the physical monitored port, a second packet that is addressed to the virtual port;
- generate, in response to detecting the first packet, a second mirrored packet;
- add a second monitoring identifier that is associated with a first physical monitoring port to the second mirrored packet; and
- forward the second mirrored packet through the physical networking port.
5. The port monitoring system of claim 1, wherein the logical networking device further comprises:
- a second physical extending device that is coupled to the physical networking device, wherein the first physical monitoring port is included on the second physical extending device.
6. The port monitoring system of claim 1, wherein the monitoring identifier is provided in an extended channel identifier (ECID) packet field in the mirrored packet.
7. The port monitoring system of claim 1, wherein the monitoring identifier is associated with a second physical monitoring port, and wherein the physical networking device is configured to:
- determine the second physical monitoring port for the mirrored packet using the monitoring identifier; and
- forward the mirrored packet to the second physical monitoring port.
8. An information handling system (IHS), comprising:
- a first physical extending device port that is configured to couple to a physical extending device;
- a processing system coupled to the first physical extending device port;
- a memory system coupled to the processing system and including instructions that, when executed by the processing system, cause the processing system to provide a controlling engine that is configured to: control a logical networking device that is provided, at least in part, by a first physical extending device that is coupled to the first physical extending device port, wherein the first physical extending device includes a physical monitored port that is viewed as a virtual port on the logical networking device by the controlling engine; receive, from the first physical extending device through the first physical extending device port, a mirrored packet that was sent by the first physical extending device in response to a packet that was detected at the physical monitored port and that includes a monitoring identifier that is associated with a first physical monitoring port, wherein the packet that was detected at the physical monitored port was received from the virtual port; determine the first physical monitoring port for the mirrored packet using the monitoring identifier; and forward the mirrored packet to the first physical monitoring port.
9. The IHS of claim 8, wherein the controlling engine is configured to:
- receive a monitoring association that defines the physical monitored port on the first physical extending device and the first physical monitoring port and, in response, allocate the monitoring identifier to the monitoring association; and
- send the monitoring identifier to the first physical extending device.
10. The IHS of claim 8, further comprising:
- a second physical extending device port that is configured to couple to a physical extending device, wherein the controlling engine is configured to forward the mirrored packet to the first physical monitoring port that is included on a second physical extending device that is coupled to the second physical extending device port.
11. The IHS of claim 8, wherein the monitoring identifier is provided in an extended channel identifier (ECID) packet field in the mirrored packet.
12. The IHS of claim 8, wherein the monitoring identifier is associated with a second physical monitoring port, and wherein the controlling engine is configured to:
- determine the second physical monitoring port for the mirrored packet using the monitoring identifier; and
- forward the mirrored packet to the second physical monitoring port.
13. A method for monitoring ports, comprising:
- receiving, by a physical networking device that controls a logical networking device from a first physical extending device that provides at least a portion of the logical networking device and that includes a physical monitored port that is viewed as a virtual port on the logical networking device by the physical networking device, a mirrored packet that was sent in response to a packet that was detected by the first physical extending device at the physical monitored port and that includes a monitoring identifier that is associated with a monitoring port, wherein the packet that was detected by the first physical extending device at the physical monitored port was received from the virtual port;
- determining, by the physical networking device, the monitoring port for the mirrored packet using the monitoring identifier; and
- forwarding, by the networking device, the mirrored packet to the monitoring port.
14. The method of claim 13, further comprising:
- receiving, by the physical networking device, the monitoring association that defines the physical monitored port on the first physical extending device and the monitoring port, and, in response, allocating the monitoring identifier to the monitoring association; and
- sending, by the physical networking device, the monitoring identifier to the first physical extending device.
15. The method of claim 14, further comprising:
- removing, by the physical networking device, the monitoring identifier from the mirrored packet before forwarding the mirrored packet to the monitoring port.
16. The method of claim 13, wherein the monitoring port is included on a second physical extending device that is coupled to the physical networking device and that is included in the logical networking device.
17. The method of claim 16, wherein the forwarding the mirrored packet to the monitoring port includes:
- adding, by the physical networking device, a destination identifier to the mirrored packet;
- determining, by the physical networking device, a physical networking port on the networking device using the destination identifier; and
- forwarding, by the physical networking device, the mirrored packet through the physical networking port to the monitoring port on the second physical extending device.
18. The method of claim 13, wherein the monitoring identifier is provided in an extended channel identifier (ECID) packet field in the mirrored packet.
Type: Grant
Filed: Jun 26, 2015
Date of Patent: Dec 11, 2018
Patent Publication Number: 20160380924
Assignee: Dell Products L.P. (Round Rock, TX)
Inventors: Ravikumar Sivasankar (San Jose, CA), Ashwin Kumar Jayaraman (Tamil Nadu), Shree Murthy (San Jose, CA), Kannan Narayanan (Fremont, CA), Karthik Krishnamurthy (Tamil Nadu)
Primary Examiner: Melvin C Marcelo
Assistant Examiner: Natali Pascual Peguero
Application Number: 14/751,494
International Classification: H04L 12/741 (20130101); H04L 12/931 (20130101); H04L 12/26 (20060101);